Thursday, July 15, 2010

Why You Should Write Down Your Passwords

Common wisdom over the last couple of decades has been to never write down the passwords you use for accessing networked services. But is now the time to begin writing them down? Threats are constantly evolving and perhaps it’s time to revisit one of the longest standing idioms of security – “never write a password down”. - Gunter Ollmann

Read More:

What to do with passwords once you create them

Cryptography expert Bruce Schneier used to write his passwords down on a slip of paper and keep it in his wallet. Today, he uses a free Windows password-storage tool called Password Safe that he designed five years ago and released into the open-source community. -Elinor Mills, CNET

Read more:

The Rise of the Rogue AV Testers

Recently, I was sitting around with a number of colleagues from Kaspersky Lab, discussing everybody’s favorite subject: the state of anti-virus testing these days. During the talks, somebody brought up the name of a new, obscure testing organization in the Far East. Nobody else had ever heard of them and so my colleague Aleks Gostev jokingly called them a “rogue Andreas Marx." -Costin Raiu

Rogue AV Testers

Malware Persistence without the Windows Registry

For an attacker to maintain a foothold inside your network they will typically install a piece of backdoor malware on at least one of your systems. The malware needs to be installed persistently, meaning that it will remain active in the event of a reboot. Most persistence techniques on a Microsoft Windows platform involve the use of the Registry. Notable exceptions include the Startup Folder and trojanizing system binaries. Examining malware persistence locations in the Windows Registry and startup locations is a common technique employed by forensic investigators to identify malware on a host. Each persistence technique commonly seen today leaves a forensic footprint which can be easily collected using most forensic software on the market. - Nick Harbour